![securecoding logo](/images/securecoding-logo.png)
Secure Coding mailing list archives
boundaries/responsibilities
From: petesh at indigo.ie (Pete Shanahan)
Date: Thu, 09 Feb 2006 02:01:47 +0000
While I'm riveted by the bug versus flaw debate - as it fundamentally illustrates the importance of discussing things from the same premise(*), I have what I would consider to be an interesting tangential issue that has been bothering me for several years. I've written many programs (in C, C++) and have never made much effort to make them input safe. I generally made sure that buffers could not be overrun by using the 'n' versions of the string functions, and I didn't consider the task too heavily. The problem is that my code is in far wider and more varied an environment than I had ever expected, and I am now concerned that I may be exposed to some form of liability. This is due to the code having not been issued with any specific exclusion of warranty; such as would be present in the agreement for the Java language/environment. (*) It was my logic lecturer who had an anecdote about two men arguing from different buildings. A man walks along during one of the arguments and shouts to the both of them that they will never agree as they are arguing from different premises. -- Pete +353 (87) 412 9576 [M] | +353 (66) 71 42367 [H]
Current thread:
- boundaries/responsibilities Pete Shanahan (Feb 08)